Fetching Remote Server Keys

The Tectia client tools on the mainframe need the public keys, or public key hash values, of the remote servers they connect to in order to authenticate those servers. The keys or key hash values can be stored in the mainframe user's $HOME/.ssh2/hostkeys directory or in the /opt/tectia/etc/hostkeys directory, which is shared by all users. The key distribution tool can retrieve multiple remote host keys and store the keys or key hash values in the user's host key directory or in the system-wide key store that is available to all users.

Examples of Fetching Remote Server Keys

The following examples illustrate using ssh-keydist-g3 for fetching remote server host keys.

Caution

When ssh-keydist-g3 is run with the -N option, it accepts the received host keys automatically without prompting the user. You should verify the validity of keys after receiving them or you risk being subject to a man-in-the-middle attack.

Example 1: Using USS

This example is run under the USS shell. Multiple host keys are fetched in verbose mode and saved in plain format under the user's $HOME/.ssh2/hostkeys directory. The host keys are also saved using the IP addresses of the hosts. The log is stored under /tmp and lists the accepted keys and their fingerprints. You should verify them after running the command.
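One way to carry out the verification step after an automatic (-N) fetch, shown as an added example that is not part of the Tectia documentation or tooling: it recomputes a fingerprint for each saved key and compares it with a value pinned from a trusted, out-of-band source. It assumes the plain-format files use the SSH2 (RFC 4716) public key layout and uses SHA-256 fingerprints, which may differ from the fingerprint format in the ssh-keydist-g3 log; the host names and key data are constructed.

```python
import base64
import hashlib
import hmac
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def parse_ssh2_pubkey(text):
    """Return the raw key blob from an RFC 4716 (SSH2) file (assumed layout)."""
    lines = [ln.strip() for ln in text.splitlines()]
    body, in_header = [], False
    for ln in lines[lines.index(BEGIN) + 1:lines.index(END)]:
        if in_header or ":" in ln:          # header line or its continuation
            in_header = ln.endswith("\\")
            continue
        body.append(ln)
    return base64.b64decode("".join(body), validate=True)

def fingerprint(blob):
    """SHA-256 fingerprint of the key blob, as unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(fetched, pinned):
    """Map each fetched host to 'ok', 'MISMATCH' or 'UNPINNED'."""
    report = {}
    for host, text in fetched.items():
        want = pinned.get(host)
        if want is None:
            report[host] = "UNPINNED"       # no trusted value: verify by hand
        else:
            got = fingerprint(parse_ssh2_pubkey(text))
            report[host] = "ok" if hmac.compare_digest(got, want) else "MISMATCH"
    return report

# Constructed sample data: hypothetical hosts host1..host3, not real host keys.
def _sample_file(seed):
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    b64 = base64.b64encode(blob).decode()
    return blob, f'{BEGIN}\nComment: "constructed \\\nsample key"\n{b64}\n{END}\n'

GOOD_BLOB, GOOD_FILE = _sample_file(1)
_, OTHER_FILE = _sample_file(2)
PINNED = {"host1": fingerprint(GOOD_BLOB), "host2": fingerprint(GOOD_BLOB)}
FETCHED = {"host1": GOOD_FILE, "host2": OTHER_FILE, "host3": GOOD_FILE}

if __name__ == "__main__":
    for host, status in audit(FETCHED, PINNED).items():
        print(host, status)
```

A host reported as MISMATCH or UNPINNED has a key that was accepted without any trusted confirmation and should not be relied on until its fingerprint is checked with the server's administrator.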

Copyright 2011 Tectia Corporation. This software is protected by international copyright laws. All rights reserved.
